TeamPCP Claims Breach of 4,000 GitHub Private Repositories
May 20, 2026
The hacker group TeamPCP claims unauthorized access to ~4,000 GitHub private repositories and is demanding a $50,000 ransom for the
Cybersecurity
TeamPCP Claims Breach of 4,000 GitHub Private Repositories
The hacker group TeamPCP claims unauthorized access to ~4,000 GitHub private repositories and is demanding a $50,000 ransom for the stolen source code.
CVE-2026-45585: Windows Zero-Day Bypasses BitLocker
Microsoft disclosed CVE-2026-45585, a Windows zero-day that allows attackers with physical access to bypass BitLocker encryption without the decryption key.
CVE-2026-45829: Max-Severity Flaw Lets Attackers Hijack ChromaDB
CVE-2026-45829 is a maximum-severity pre-auth flaw in ChromaDB allowing server hijacking; about 73% of internet-exposed instances run a vulnerable version.
Microsoft Disrupts Fox Tempest Malware-Signing Service
Microsoft seized Fox Tempest's signspace.cloud domain and revoked over 1,000 fraudulent code-signing certificates used by ransomware groups and infostealers.
B1ack’s Stash Releases 4.6M Stolen Credit Cards Free
B1ack's Stash dark-web marketplace released 4.6 million stolen card records for free, with 4.3 million actionable, after resellers violated its terms.
Trapdoor Android Ad Fraud Scheme Generated 659M Fake Bids
HUMAN's Satori team disclosed Trapdoor, 455 malicious Android apps generating 659 million fake ad bids daily, with more than 24 million total downloads.
Nx Console VS Code Extension Poisoned to Steal 1Password, AWS Keys
Version 18.95.0 of the Nx Console VS Code extension was weaponized for 11 minutes to steal 1Password vaults, AWS credentials, and Claude Code secrets.
Storm-2949 Abuses Azure Password Reset to Seize Cloud Accounts
Microsoft tracks Storm-2949, a threat actor using SSPR social engineering to hijack Azure accounts without malware and extract Key Vault secrets and M365 data.
Drupal Issues Highly Critical Patch, Exploits Expected Within Hours
Drupal warned a highly critical vulnerability in versions 11.3.x through 10.5.x could be exploited within hours of its May 20, 2026 patch release date.
SEPPMail Gateway Hit with 7 CVEs, Including CVSS 10.0 RCE Flaw
Seven vulnerabilities in SEPPMail Secure E-Mail Gateway, including a CVSS 10.0 pre-auth RCE, could let attackers intercept all protected mail traffic.
CVE-2026-45585: Windows Zero-Day Bypasses BitLocker
May 20, 2026
Microsoft disclosed CVE-2026-45585, a Windows zero-day that allows attackers with physical access to bypass BitLocker encryption without the decryption key.
CVE-2026-45829: Max-Severity Flaw Lets Attackers Hijack ChromaDB
May 20, 2026
CVE-2026-45829 is a maximum-severity pre-auth flaw in ChromaDB allowing server hijacking; about 73% of internet-exposed instances run a vulnerable version.
Microsoft Disrupts Fox Tempest Malware-Signing Service
May 20, 2026
Microsoft seized Fox Tempest’s signspace.cloud domain and revoked over 1,000 fraudulent code-signing certificates used by ransomware groups and infostealers.
B1ack’s Stash Releases 4.6M Stolen Credit Cards Free
May 20, 2026
B1ack’s Stash dark-web marketplace released 4.6 million stolen card records for free, with 4.3 million actionable, after resellers violated its
Trapdoor Android Ad Fraud Scheme Generated 659M Fake Bids
May 20, 2026
HUMAN’s Satori team disclosed Trapdoor, 455 malicious Android apps generating 659 million fake ad bids daily, with more than 24
Nx Console VS Code Extension Poisoned to Steal 1Password, AWS Keys
May 20, 2026
Version 18.95.0 of the Nx Console VS Code extension was weaponized for 11 minutes to steal 1Password vaults, AWS credentials,
Storm-2949 Abuses Azure Password Reset to Seize Cloud Accounts
May 20, 2026
Microsoft tracks Storm-2949, a threat actor using SSPR social engineering to hijack Azure accounts without malware and extract Key Vault
Drupal Issues Highly Critical Patch, Exploits Expected Within Hours
May 20, 2026
Drupal warned a highly critical vulnerability in versions 11.3.x through 10.5.x could be exploited within hours of its May 20,
SEPPMail Gateway Hit with 7 CVEs, Including CVSS 10.0 RCE Flaw
May 20, 2026
Seven vulnerabilities in SEPPMail Secure E-Mail Gateway, including a CVSS 10.0 pre-auth RCE, could let attackers intercept all protected mail
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.